Beware spammers thriving in Facebook Groups

Facebook Groups are a haven for spammers, and the world's largest social network is doing almost nothing to stop them

A couple of weeks ago I was flicking through Facebook on my iPad when I noticed this buffoon in my News Feed.

Though the buffoon's post tells people to not leave comments, I posted one anyway. I cannot repeat what I said here; suffice it to say I got my point across.

There were in fact multiple postings from the buffoon in my feed that day -- something I hadn't seen before. How in Zuckerberg's name did they get here? It has to do with how Facebook has designed its Groups feature. The short version: Because Facebook allows any friend to add you to any Group, it leaves the door wide open to spammers and says "come on in!"

Here's the longer version.

Apparently, at some point in the last month or so I got added to a Group called "Share Your Topics." If you visit that Group -- and I don't recommend it -- you will find all sorts of similar come-ons from slime merchants like the buffoon above. I was also added to another Group called Technology News where the buffoon also posts.

You can only be added to a Group by a member who is also on your friends list. But once you're there, you get to see posts from people who are most definitely not your friends -- including buffoons like that one.

That's because, in its infinite wisdom, Facebook decided that if someone else wants to add you to an "open" Group on Facebook, you're in. And by "infinite wisdom" I really mean "blatant desire to grow its Groups feature as quickly as possible and clean up the mess later (maybe) if enough people complain."

After you're added to a Group, Facebook notifies you, which presumably gives you the option to subtract yourself. But if you miss that brief notification, you're subject to any spammy post anyone in that Group deigns to share until you leave.

These notifications are also supposed to show up in your Activity Timeline, along with the name of the soon-to-ex-friend who added you. But in my tests about half of these Group notifications did not show up -- only God and Sheryl Sandberg know why. Neither Share Your Topics nor Technology News are listed in my Activity Log, so I don't know when I was added or who did it (though I have my suspicions).

As I've noted in the past, Facebook's tools for reporting abusers are notoriously frustrating. You can report a Group or a person for posting "inappropriate content." You can block the person, which doesn't stop the spamming but does keep you from seeing it. Or you can send them a polite (in my case impolite) note asking them to please stop what they are doing.

Good luck with that last one. I reported this guy and the Share Your Topics Group weeks ago. Nothing has changed.

Meanwhile, I've noticed that open Groups I voluntarily chose to join are now changing their privacy settings from open to closed. I asked one of the administrators why. His answer was simple: Spammers had invaded it.

If you're the administrator of a Facebook Group and you haven't locked it down yet, now would be a good time to do that. It's pretty easy. Go to the Group page, click the settings button in the upper right (the gear icon), and select Edit Group Settings from the drop down menu. From there you can pick exactly how open or closed you want the Group to be, and how much admin control you want over who can join and what they can say.

A better solution would be for Facebook to change its Groups policies to make them opt in, not opt out, so people can't simply add you to whatever Group they feel like until you leave. Facebook should also make it much easier to report abusers, as Twitter has done. But I don't think Facebook has any interest in solving this problem. In the meantime, we'll remain at the mercy of buffoons like this guy.

Follow TechHive on Tumblr today.

Join the CSO newsletter!

Error: Please check your email address.

Tags Web & socialsecurityFacebook

More about FacebookTechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Dan Tynan

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts